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Description 

This invention relates to local area networks for 
providing intercommunication between computers 
and/or other digital equipment (hereinafter called data 
termination equipment and abbreviated to DTE). 
More particularly, it is concerned with networks of the 
kind in which DTE's are connected (normally via a me- 
dia attachment Unit (MAU), also called a transceiver) 
to a common transmission medium such as a coaxial 
cable, a twisted pair cable or an optical fibre and in 
which digital repeaters (usually multiport repeaters, 
MPR's) are used to restore digital signals that have 
been attenuated or otherwise degraded and to pro- 
vide for branching when required. The invention in- 
cludes improved repeaters and the networks in which 
they are used. 

The invention is primarily (but not exclusively) 
concerned with networks operating Carrier Sense 
Multiple Access techniques with collision detection 
(CSMA/CD). The best-known networks of this type 
are those specified by the International Standards 
Organisation as ISO 8802/3 networks and by Xerox 
Corporation as "Ethernet" networks. 

In such systems, data is transmitted in frames 
which have a limited range of lengths and are normal- 
ly made up of a meaningless preamble (for establish- 
ing synchronisation), a start-of-f rame indicator, a des- 
tination address segment, a source address segment, 
a control segment (indicating, for instance, the frame 
length), a segment of data (often beginning with a 
frame or protocol identification) to be transmitted to 
the DTE identified by the address identification, and 
a frame check segment for verifying accuracy of 
transmission. 

MPR's repeatf rames received on an input port in- 
discriminately to all their output ports and necessarily 
(because of delay limits imposed by the network 
specifications) begin to retransmit before the com- 
plete frame has been received. 

A local area network as so far described is inse- 
cure, in the sense that any DTE can transmit data to 
any other and that an eavesdropper gaining access to 
the transmission medium can read all the data. 

In known systems, a measure of security may be 
achieved by physically subdividing the transmission 
medium into groups using components called 
"bridges" which receive and store computer data 
frames and can then analyse them and determine 
whether they are authorised frames and if so to which 
of its output ports they need to be re-transmitted. 
However, bridges are much more expensive than 
MPR's and introduce a delay in excess of the frame 
length. 

Atypical such bridge is described in an article by 
J. Weinstein in Mini-Micro February 1989 entitled 
"Bridging to a Better LAN". 

A further bridging structure is described by Con- 



rad K. Kwok et al in "On Transparent Bridging of 
CSMA/CD Networks" presented at IEEE Global Tele- 
communications Conference and Exhibition, Dallas, 
Texas November 1989. In this article a "cut-through 

5 bridge" is described which functions largely like a 
passive repeater at light loads and largely like a nor- 
mal bridge at heavy loads. This is achieved by begin- 
ning to forward a frame received from a first network 
to a second network before the complete frame is re- 

10 ceived. At heavy loads a collision will occur and there- 
fore transmission to the second network cannot be 
completed. In such a case the frame is buffered by 
the bridge for transmission later. Also, once the com- 
plete destination address of a frame has been re- 

15 ceived by the bridge, the bridge can determine wheth- 
er or not that frame needs to be transmitted to the 
second network according to whether that destination 
is present in the second network. 

The present invention provides a secure repeater 

20 for use in a local area network and arranged to be 
connected, in use, to a plurality of data termination 
equipment (DTEs), the repeater comprising means 
for receiving incoming data frames; means for re- 
transmitting said frames during a time interval that 

25 begins before a complete frame of data has been re- 
ceiving; means for storing access rules for the DTEs 
connected to it; means for reading at least one portion 
of the frame selected from the destination address 
segment, the source address segment, the control 

30 segment and the frame or protocol identifier, if pres- 
ent, of each incoming data frame and comparing the 
portion or portions so read with the stored access 
rules to determine whether the frame is permitted or 
not; and means for corrupting the frame in retrans- 

35 mission if it determines that it is not. 

The present invention thus provides repeaters 
with security features such that in a local area net- 
work in which they are used the expense and signal 
delay inherent in the use of bridges can be avoided, 

40 or at least minimised. 

When the portion of the frame selected to be read 
is in the control segment it may be the whole segment 
or it may be only a part of the segment that is relevant 
to the decision to be made. In most (but not necessar- 

45 ily all) other cases, the whole of the appropriate ad- 
dress segment or of the identifier should be read. 

The access rules may be written to their storing 
means in various ways, depending (among other 
things) on the level of security required. For example, 

so a degree of security can be achieved by allowing a 
learning period when the network is first set up in 
which the repeater "self-learns" which DTE's are con- 
nected to each of its ports and thus sets up its own 
access rules for each port forbidding the transmission 

55 thereafter of any frame with a source address not cor- 
responding with a DTE not connected to that port dur- 
ing the learning period. 

More sophisticated rules can be loaded (or self- 
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learned rules can be editied) using data provided as 
control frames from a network manager, or if the pos- 
sibility of the network manager being misused or 
counterfeited needs to be allowed for, from a special 
input device (a key pad or a mobile memory device, 5 
for instance) coupled to the repeater itself and pro- 
tected from misuse either by password protection or 
by removing the input device once the access rules 
have been written. In extreme cases, the means pro- 
vided in the repeater for coupling the input device 10 
could be destroyed after use, or the rules could be in- 
serted as a pre-programmed ROM encapsulated 
along with key components of the repeater to prevent 
substitution. 

Either one or both of the destination address seg- 15 
ment and the source identification segment may be 
read and compared with the stored access rules, de- 
pending on the nature of the rules to be applied. For 
example, if the physical connections are such that all 
the DTE's connected to a particular input port (or 20 
group of ports) of a repeater have unlimited access to 
the network, then there is no point in comparing the 
destination address segments of frames received on 
that port, and it is only necessary to check the source 
address segment to verify that the DTE in question is 25 
authorised to be connected there. Similarly, if physi- 
cal security can be relied on to prevent unauthorised 
connections and all the DTE's connected to a port (or 
group of ports) have the same (but limited) access to 
other parts of the network, then only the destination 30 
address segment needs to be read and compared. 

Subject to the limitations set by comparison time 
and storage space, each DTE may have its own ac- 
cess rules, independently of all the others, or if the 
DTE's are organised in groups with common access 35 
rules, then it is possible for individual DTE's to be al- 
located to more than one of the groups; for example, 
a departmental accountant's terminal could have ac- 
cess to all the other terminals within his department 
and also to other accountants' terminals outside the 40 
department, without the need to give unnecessary 
access between the remaining terminals of those two 
groups. 

Ideally, all the data contained in an unauthorised 
frame should be corrupted, and this presents no prob- 45 
lems if the destination address segment shows the 
frame to be unauthorised; if however it is the source 
address, the control frame or the frame or protocol 
identifier segment that shows the frame to be unau- 
thorised, the time taken to make comparisons may be so 
such that a few bytes of data may be retransmitted 
without corruption. If this is considered unacceptable, 
high-speed comparison algorithms may be used 
and/or the system protocol may be modified so that 
there will be an appropriate number of meaningless 55 
bytes at the beginning of the data segment. 

Data may be corrupted, when required, by over- 
writing a series of binary digits selected from all 1's, 



all O's, cyclically repeated sequences and pseudo- 
random sequences. The first two require no more 
complex generating means than a simple logic gate, 
say a non-exclusive OR gate, receiving the incoming 
data on one input and a permitted/not permitted flip- 
flop signal on its other input so as to pass the data to 
output if the flipflop is set "permitted" but a continu- 
ous "high" or "low" output if it is set "not permitted". 

Cyclically repeated or pseudo-random sequenc- 
es can be read from memory or generated when re- 
quired by conventional means. 

Data may alternatively be corrupted by encrypt- 
ing it in a manner that cannot be decrypted by the 
DTE's of the network, except possibly one or a few 
authorised DTE's (for instance the network control- 
ler). This provides the facility for the controller, or a 
security unit, to be informed of the content of the cor- 
rupted frame. 

If desired, a repeater which detects an unautho- 
rised frame may, in addition to corrupting it, switch off 
the port on which such a frame was received and/or 
the port to which the DTE it was addressed to is con- 
nected. Preferably it only does so if it knows that the 
port concerned is not connected to another repeater. 

On occasion, an unauthorised person gaining ac- 
cess to a network may not be concerned to transmit 
unauthorised data, nor to read data from the network, 
but to prevent proper functioning of the network. One 
easy way of so "jamming" a conventional network is 
to inject into it a rapid succession of frames that con- 
form to the system protocol, so that any other user 
seeking to transmit will encounter a "collision". As a 
precaution against this form of abuse, the repeater in 
accordance with the invention may additionally be fit- 
ted with a timer (or frame counter) device arranged to 
limit the number of consecutive frames that will be ac- 
cepted on any one port and to switch off that port if 
the limit is exceeded. 

If desired, the repeater in accordance with the in- 
vention may be switchable (eg by a local, key-operat- 
ed switch or by a control frame from a network man- 
ager) between secure operation in accordance with 
the invention and ordinary, insecure, operation; the 
latter may be desirable, for example, during fault test- 
ing and identification. 

The invention will be further described by way of 
example with reference to the accompanying draw- 
ings in which Figure 1 is a diagram of a network in ac- 
cordance with the invention incorporating four multi- 
port repeaters and Figure 2 is a block diagram of 
those parts of a multiport repeater that are relevant 
to understanding of the present invention. 

The network of Figure 1 comprises 14 items of 
data termination equipment, DTE 1 to DTE 14 (which 
may for example be general purpose personal com- 
puters, dedicated word processors, printers, disc 
drives etc), and a network controller C. Each of these 
is connected through its own media access unit MAU 
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1 to M AU 1 5 to one or other of three multiport repeat- 
ers MPR 1, MPR 2 and MPR 3; these are in turn in- 
terconnected by the remaining repeater MPR 4. 

Figure 2 shows one module serving ports 1 to 4 
of an MPR, the assumption for the purpose of illustra- 5 
tion being that there is at least one other module serv- 
ing further ports, and that the access rules will be the 
same for all the ports connected to this module. 

The most basic conventional function of the MPR 
is served by the inputs received on any one of ports 10 
1 to 4 passing via respective port interface units 5 and 
multiplexers 6 and 7 to a first in/first out memory 8. 
This is inert until enabled by a signal from a start of 
frame detecter 9, and then begins to store the incom- 
ing data. In the meantime, a preamble generater 10 15 
has begun to output a preamble signal through the 
multiplexer 11 to all of the port interfaces, which will 
pass it to their respective ports except in the case of 
the port receiving the incoming signal. Preamble 
transmission continues until a counter 12 indicates 20 
that the prescribed length of preamble has been out- 
putted. Provided there are then at least 3 bits of data 
in the memory 8, the multiplexer 11 is switched to be- 
gin reading out the data stored in the memory, and in 
the ordinary way will continue to do so until the com- 25 
plete frame has been received into and then read 
from the memory 8. 

However, in accordance with the invention, the 
incoming signal is also passed via a shift register 13 
which extracts the destination address and the 30 
source address in parallel form to latches 14 and 15 
which are switched by counters 16 enabled by the 
start of frame signal from detecter 9. These are 
passed to comparators 1 7 and compared with the ac- 
cess rules previously stored in a database 18. 35 

If the comparators indicate that the frame is not 
in accordance with the rules contained in the data- 
base, then a signal is output via a delay 19 (serving 
to ensure that the source address will never be cor- 
rupted) to the multiplexer 7, and cause it to transmit, 40 
for the remainder of the length of the frame, a mean- 
ingless sequence of digits available to it from a se- 
quence generator 20 instead of the incoming signal. 
Preferably when such a signal is given, data is also 
transmitted to the network controller C identifying the 45 
port on which the frame concerned was received, the 
destination address and source address of the frame 
and the reason for the decision that the frame was un- 
authorised. If desired, this signal may be separated 
from the system data signals into a separate signal- so 
ling medium, designated on the diagram as an info 
bus. 

The repeater provides in addition conventional 
facilities for detecting a collision and transmitting jam 
signals in response to it, for extending signal frag- 55 
ments arising from collisions and for disabling a port 
on which excessive collisions or frame lengths ex- 
ceeding the protocol limit are indicative of faulty 



equipment. 

Suppose, by way of example, that DTE's 1 to 5 
need to communicate with each other but with none 
of the other DTEs. DTE's 6 to 9 similarly need access 
only to each other but DTE 10 needs access not only 
to DTE 6 to 9 but also DTEs 11 to 14; obviously, all 
the DTE's need to be in communication with the net- 
work controller C. This could be achieved by connect- 
ing MAUs 1 to 5 to one module (or to separate mod- 
ules with the same instructions in their address rule 
databases) in MPR 1, MAU 6 to 9 to one module and 
MAU 10 to a separate module in MPR 2 and similarly 
MAUs 11 to 14 to one module and MAU 15 to a second 
module in MPR 3. In MPR 1, the address database 
needs to be loaded with rules accepting destination 
addresses corresponding to the network controller C 
and to its own DTE's 1 to 5 but no other, and may op- 
tionally be loaded with the source addresses of its 
own DTE's 1-5 in order to reject signals from an ad- 
ditional DTE connected to it without authority. The 
first module of MPR 2 is correspondingly loaded. The 
second module of MPR 2, on the other hand, is loaded 
with rules accepting destination addresses corre- 
sponding to MAU's 6 to 9 and 11 to 14 as well as to 
the network controllers MAU 15 (and if required to ac- 
cept no source address except that of DTE 10). 

The first module of MPR 3 is loaded with rules ac- 
cepting destination addresses corresponding to any 
of MAU's 10-15 (and optionally to accept only source 
addresses corresponding to MAU's 11 to 14); and the 
second module of MPR 3 is loaded to accept any des- 
tination address (and preferably to accept no source 
address except that of the network controller C). 

MPR 4 may, if physical security is reliable, be a 
conventional MPR without security features; or it may 
be a repeater in accordance with the invention loaded 
with analagous rules to provide additional security. 

Note that in this example, the network has been 
so arranged that each destination address and each 
source address is either accepted or rejected uncon- 
ditionally. This has the advantage of requiring the 
shortest processing time, and consequently allowing 
an unauthorised frame to be corrupted from as nearly 
as possible the beginning of its data segment. It is 
however possible, subject to process time limitations, 
to provide conditional rules allowing certain destina- 
tion addresses to be accessed from some but not all 
of the DTE's connected to the module in question. 



Claims 

1 . A secure repeater for use in a local area network 
and arranged to be connected, in use, to a plur- 
ality of data termination equipment (DTEs), the 
repeater comprising means (5,6) for receiving in- 
coming data frames; means (8,11,5) for retrans- 
mitting said frames during a time interval that be- 
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gins before a complete frame of data has been re- 
ceiving; means (18) for storing access rules for 
the DTEs connected to it; means (13,14,15) for 
reading at least one portion of the frame selected 
from the destination address segment the 5 
source address segment, the control segment 
and the frame or protocol identifier, if present, of 
each incoming data frame and comparing the 
portion or portions so read with the stored access 
rules to determine whether the frame is permitted 10 
or not; and means (20) for corrupting the frame 
in retransmission if it determines that it is not. 

2. A repeater as claimed in claim 1 including means 

for reading and comparing both the destination 15 
address segment and the source address seg- 
ment of the incoming frame. 

3. A repeater as claimed in claim 1 or claim 2 in 
which the said means (20) for corru pting the data 20 
frame comprises means for overwriting it with a 
series of binary digits selected from all 1 's, all O's, 
cyclically repeated sequences and pseudo-ran- 
dom sequences. 

25 

4. A repeater as claimed in claim 1 or claim 2 in 
which the means for corrupting the data frame is 
encrypting means. 

5. A repeater as claimed in any one of the preceding so 
claims in which the said access rules are self- 
learned on the basis of the identity of equipment 
connected to its ports during an initial learning 
period. 

35 

6. a repeater as claimed in any one of claims 1-4 in 
which the said access rules are written to the re- 
peater by a network manager. 

7. A repeater as claimed in any one of claims 1-4 in 40 
which the said access rules are written to the re- 
peater from an input device coupled to it and re- 
moved once the acces rules have been written. 

8. A repeater as claimed in any one of claims 1-4 in 45 
which the said access rules are written to the re- 
peater by an input device protected from misuse 

by password protection. 

9. A repeater as claimed in any one of the preceding so 
claims in which, when an unauthorised frame is 
detected, in addition to the frame being corrupted 

the port on which it was received, and/or the port 
to which the DTE it was addressed to is connect- 
ed, is switched off. 55 

1 0. A repeater as claimed in any one of the preceding 
claims including means for switching off any input 



port on which a number of consecutive frames in 
excess of a predetermined limit are received. 



Patentanspruche 

1. Sicherer Zwischenverstarker zum Einsatz in ei- 
nem Nahbereichsnetz, der in Funktion mit einer 
Vielzahl von Datenendeinrichtungen (DTEs) ver- 
bunden wird, wobei der Zwischenverstarker eine 
Einrichtung (5,6) zum Empfang ankommender 
Datenrahmen umfalit; eine Einrichtung (8,11,5) 
zum Weiterubermitteln der Rahmen wShrend ei- 
nes Zeitabschnitts, der beginnt, bevor ein kom- 
pletter Datenrahmen empfangen worden ist; eine 
Einrichtung (18) zum Speichern von Zugangsre- 
geln fur die damit verbundenen DTE's; eine Ein- 
richtung (13,14,15) zum Lesen wenigstens eines 
Teils des Rahmens, der aus dem Zieladressen- 
segment, dem Ursprungsadressensegment, dem 
Steuersegment und der Rahmen- oder Protokoll- 
kennung - falls vorhanden - jedes ankommenden 
Datenrahmens ausgewahlt worden ist, und zum 
Vergleichen des so gelesenen Teils bzw. der so 
gelesenen Teile mit den gespeicherten Zugangs- 
regeln, urn festzustellen, ob der Rahmen zuge- 
lassen ist oder nicht; sowie eine Einrichtung (20) 
zum Verstummeln des Rahmens beim Weiter- 
ubermitteln, wenn sie feststellt, daft er es nicht 
ist. 

2. Zwischenverstarker nach Anspruch 1, der eine 
Einrichtung zum Lesen und Vergleichen sowohl 
des Zieladressensegments als auch des Ur- 
sprungsadressensegments des ankommenden 
Rahmens enthalt. 

3. Zwischenverstarker nach Anspruch 1 oder An- 
spruch 2, wobei die Einrichtung (20) zum Ver- 
stummeln des Datenrahmens eine Einrichtung 
zum Uberschreiben desselben mit einer Reihe 
von Binarziffern umfa&t, die aus alien Einsen, al- 
ien Nullen, zyklisch wiederholten Sequenzen und 
pseudozufalligen Sequenzen ausgewahlt wer- 
den. 

4. Zwischenverstarker nach Anspruch 1 oder An- 
spruch 2, wobei die Einrichtung zum Verstum- 
meln des Datenrahmens eine Verschlusselungs- 
einrichtung ist 

5. Zwischenverstarker nach einem dervorangehen- 
den Anspruche, wobei die Zugangsregeln auf der 
Grundlage der Kennung der mit seinen Kanalen 
verbundenen Gerite w§hrend einer anfMnglichen 
Lernperiode selbst gelernt werden. 

6. Zwischenverstarker nach einem der Anspruche 
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1-4, wobei die Zugangsregeln durch einen Netz- 
manager in den Zwischenverstarker geschrieben 
werden. 

7. Zwischenverstarker nach einem der Anspruche 
1-4, wobei die Zugangsregeln von einer Eingabe- 
vorrichtung in den Zwischenverstarker geschrie- 
ben werden, die mit ihm verbunden ist und ent- 
fernt wird, wenn die Zugangsregeln eingeschrie- 
ben worden sind. 

8. Zwischenversarker nach einem der Anspruche 1 - 
4, wobei die Zugangsregeln von einer Eingabe- 
vorrichtung in den Zwischenverstarker geschrie- 
ben werden, die durch PaBwortschutz gegen 
Mi&brauch geschutzt ist. 

9. Zwischenverstarker nach einem der vorangehen- 
den Anspruche, wobei, wenn ein unzulassiger 
Rahmen erfa&t wird, zusatzlich zur Verstumme- 
lung des Rahmens der Kanal, uber den er emp- 
fangen wurde, und/oder der Kanal, mit dem die 
DTE, an die eraddressiert war, verbunden ist, ab- 
geschaltet wird. 

1 0. Zwischenverstarker nach einem der vorangehen- 
den Anspruche, der eine Einrichtung zum Ab- 
schalten jedes beliebigen Eingangskanals ein- 
schlieSt, an dem eine Anzahl aufeinanderfolgen- 
der Rahmen empfangen wird, die eine vorgege- 
bene Grenze ubersteigt. 



Revendications 

1. Un repetiteur protege pour utilisation dans un re- 
seau dezone locale etagence af in d'etre relie, en 
utilisation, a une pluralite d'equipements de ter- 
minaux de donnees (DTE), le repetiteur compre- 
nant des moyens (5, 6) pour recevoir des blocs de 
transmission de donnees arrivant ; des moyens 
(8, 11, 5) pour retransmettre lesdits blocs de 
transmission durant un intervalle de temps, qui 
commence avant qu'un bloc de transmission de 
donnees complet ait ete recu ; des moyens (18) 
pour emmagasiner des regies d'acces pour les 
equipements de terminaux de donnees relies a 
lui ; des moyens (13, 14, 15) pour lire au moins 
une partie du bloc de transmission selectionne a 
partir du segment d'adresse de destination, le 
segment d'adresse de source, le segment de 
commande et le dispositif d'identif ication de bloc 
de transmission ou de protocol e, si presents, de 
chaque bloc de transmission de donnees arri- 
vant, et comparer la partie ou les parties ainsi 
lues avec les regies d'acces emmagasinees, af in 
de determiner si le bloc de transmission est au- 
torise ou non ; et des moyens (20) pour alterer le 



bloc de transmission en retransmission si ils de- 
terminant que c'est non. 

2. Un repetiteur tel que revendique dans la re vend i- 
5 cation 1 , incluant des moyens pour lire et compa- 

rer, a la fois, le segment d'adresse de destination 
et le segment d'adresse de source du bloc de 
transmission arrivant. 

10 3. Un repetiteur tel que revendique dans la revendi- 
cation 1 ou la revendication 2, dans lequel lesdits 
moyens (20) pour alterer le bloc de transmission 
de donnees comprennent des moyens pour le 
surcharger avec une serie de chiffres bin aires, 

15 ces derniers etant selectionnes tout avec des 1 , 
tout avec des 0, des sequences repetees cycli- 
quement et des sequences pseudo-aleatoires. 

4. Un repetiteur tel que revendique dans la re vend i- 
20 cation 1 ou la revendication 2, dans lequel les 

moyens pour alterer le bloc de transmission de 
donnees sont des moyens de cryptage. 

5. Un repetiteur tel que revendique dans une quel- 
25 conque des precedentes revendication, dans le- 
quel desdites regies d'acces sont auto-apprises 
sur la base de I'identite d' equipement relie a ces 
ports durant une periode d'apprentissage initial. 

30 6. Un repetiteur tel que revendique dans une quel- 
conque des revendications 1 a 4, dans lequel les- 
dites regies d'acces sont ecrites au repetiteur par 
un manager de reseau. 

35 7. Un repetiteur tel que revendique dans une quel- 
conque des revendications 1 a 4, dans lequel les- 
dites regies d'acces sont ecrites au repetiteur a 
partir d'un dispositif d'entree, couple a lui et retire 
une fois que les regies d'acces ont ete ecrites. 

40 

8. Un repetiteur tel que revendique dans une quel- 
conque des revendications 1 a 4, dans lequel les- 
dites regies d'acces sont ecrites au repetiteur par 
un dispositif d'entree, protege contre un emploi 

45 abusif par une protection a mot de passe. 

9. Un repetiteur tel que revendique dans une quel- 
conque des precedentes revendications, dans le- 
quel, lorsque un bloc de transmission non autori- 

so se est detecte, en supplement au bloc de trans- 
mission etant altere, le port sur lequel il etaitregu, 
et/ou le port auquel I'equipement de terminaux de 
donnees lui etait adresse et relie, sont mis hors 
service. 

55 

10. Un repetiteur tel que revendique dans une quel- 
conque des precedentes revendications, incluant 
des moyens pourmettre hors circuit un portd'en- 
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tree quelconque, sur lequel un n ombre de blocs 
de transmission consecutifs exc6dant une limite 
predetermines est recu. 
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Fig. 2(cont) 
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